From a84c2a72d5f045992aa7f4973b0478d062caab04 Mon Sep 17 00:00:00 2001
From: Arpit Jain <arpitjain099@gmail.com>
Date: Tue, 2 Jun 2026 10:01:53 +0900
Subject: [PATCH] ci: restrict helm-test workflow permissions to read-only

Set an explicit least-privilege permissions block so the workflow GITHUB_TOKEN is scoped to contents: read instead of inheriting the repository default.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
---
 .github/workflows/helm-test.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml
index c848801..029c4b0 100644
--- a/.github/workflows/helm-test.yaml
+++ b/.github/workflows/helm-test.yaml
@@ -8,6 +8,9 @@ on:
   pull_request:
     branches: [ main ]
 
+permissions:
+  contents: read
+
 jobs:
   helm-unittest:
     runs-on: ubuntu-latest